Fancy stuff about my technical life
Breaking your company's proxy with SOHT
posted by cimnine @ 10:07am, Friday 16 October 2009.
After years of trying solutions to break my company's proxy, I finally found the tool SOHT.
What you need:
- Web access to the internet in general
- HTTPS allowed.
- The credentials of your company's firewall. (hostname, port, username, password)
- A server/PC which
  - is always on and has a broadband connection. (best would be a symmetric connection)
  - has a running Java Servlet Container (e.g. Tomcat/JBoss/...)
  - has a running HTTP proxy (e.g. tinyproxy)
  - for HTTPS support: an Apache with SSL and mod_proxy
- A workplace PC which
  - has Java or .NET runtime installed
  - allows you to configure a proxy or to run (portable) Firefox
- minor technical know-how
- some time
What you get:
- The ability to access every webpage you like
- The ability to run every tool you like (ssh, irc, ...)
Be aware that what you do might be against your company's rules and could end up getting you fired!
There is no warranty that this works.
This guide should provide everything you need. If you need more, use Google or just start thinking. It took me years to figure a way out of my company!
Let's start:
- Make sure your Java container is running with at least Java 1.5.
- Download and deploy the soht server war-file. (In Tomcat this can be done in the 'Tomcat Manager'.)
- Adjust the Security Manager settings of your Servlet Container if you have the security manager running. Otherwise you will not be able to change the server config (e.g. create users) or to make any tunnel.
- Install an HTTP proxy on the webserver. Set it to listen on port 8888. Restrict it to only accept connections from localhost (127.0.0.1).
- Download the soht client to your workplace PC. (If you want to / have to use the .NET client, please try it yourself. It should be about the same.)
- Extract the ZIP to a folder.
- Windows only:
  - Copy a 'javaw.exe' (normally in "%JAVA_HOME%/bin") to that folder. Rename it to 'soht.exe'. (Now you are able to kill the process if it ever hangs.)
  - Create a shortcut to 'soht.exe'. Name it 'soht-client', for example. Adjust the 'target': add " -jar soht-client.jar" to the end of the line. The full line should now look like ' "C:\your_soht_folder\soht.exe" -jar soht-client.jar '
- Linux/Unix (Mac OS X is a UNIX too):
  - Start soht with this command: "java -jar soht-client.jar &"
- Open the 'soht.properties' file with a text editor. (Windows: Notepad; Mac: TextEdit; Unix/Linux: You know how.)
  - Fill in your soht server URL. If you have users configured (not described here), fill them in too.
  - If connections begin to hang, set 'server.stateless=true'.
  - Fill in your company's proxy credentials. Set 'proxy.useproxy=true'.
  - Add a tunnel from port 8888 to host localhost:8888 like this: "port.8888=localhost:8888" (Note: SOHT can handle binary protocols, as long as they are TCP based! So SSH can be tunneled too.)
- Start the soht-client.
- Open your browser. Set the proxy for http and https to 'localhost:8888'.
- Good luck.
If it doesn't work:
- Open a shell. (Windows: Start->Run->"cmd"->Ok; Mac: CTRL+Space->"terminal"->[Enter]; Unix/Linux: You know how.)
- Navigate to the soht-client folder.
  - Windows:
    - Enter the drive: "C:"
    - Go step by step to the folder: "cd to", "cd your", "cd folder"
  - Linux/Unix (Mac OS X is a Unix too):
    - Go to the folder: "cd /where/ever/your/folder/is"
- Everyone: Enter "java -jar soht-client.jar"
You should now see the output of the soht-client, and it should say why it is not working. Now turn on your brain ;)
- It depends on how advanced you are, but I prefer my Apache HTTP Server to handle my SSL, instead of Tomcat. (It's also because I don't have that many IPs.)
- What you need:
  - A recent, configured Apache HTTP Server with mod_proxy.
  - An SSL certificate. (Self-Signed, CA-Cert, VeryTrust, that doesn't matter: SOHT accepts them all.)
  - Again, some time and a bit of technical know-how.
- How to do it:
  - Open your Apache configuration. I can't tell you which file, because XAMPP, Debian, RedHat, Apple and everyone else has their own way to organize the config files.
  - So, 'somewhere' where you have SSL encryption, add something like this:
      # Reverse proxy only; do not act as an open forward proxy
      ProxyRequests off
      <Proxy *>
      Order deny,allow
      Allow from all
      </Proxy>
      # Hand /soht/ to the servlet container on localhost:8080
      ProxyPass /soht/ http://localhost:8080/soht/
      ProxyPassReverse /soht/ http://localhost:8080/soht/
  - Restart your Apache (or just reload the configs).
  - Don't forget to adjust the URL in soht.properties (on the client side).
I hope it helped you. I know it's not the definitive guide, and it's not for beginners. I apologize. But I don't like writing that much, and you should now have an idea of how a SOHT setup could work.
~Chris
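
Added example, not part of the original post and not SOHT's own code: how the setup above looks in the company proxy's access log, as a small detector an administrator could run. It flags the '/soht/' path from the ProxyPass line where the path is visible, and users whose traffic goes almost entirely to one outside host, which is what a browser pointed at 'localhost:8888' produces. The log layout, the thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample log. The "time user method target" layout is an assumption;
# adapt the parsing to your proxy's real access-log format.
SAMPLE_LOG = "\n".join(
    [
        "09:00:01 alice GET http://intranet.example/wiki",
        "09:00:05 alice CONNECT mail.example:443",
        "09:00:09 alice GET http://news.example/index.html",
        "09:00:12 alice GET http://news.example/style.css",
        "09:00:20 bob GET http://intranet.example/wiki",
    ]
    + [f"09:01:{i:02d} bob CONNECT home.example.net:443" for i in range(40)]
    + ["09:02:00 carol POST http://box.example.org/soht/"] * 3
    + ["09:02:30 carol GET http://intranet.example/wiki"]
)


def dest_host(method, target):
    """Return the destination host of a CONNECT (host:port) or plain HTTP request."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()


def find_tunnel_suspects(log_text, min_requests=20, min_share=0.9, path_marker="/soht/"):
    """Return sorted (user, host, reason) tuples for tunnel-like proxy usage."""
    per_user = defaultdict(Counter)
    findings = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, user, method, target = parts
        host = dest_host(method, target)
        if not host:
            continue
        per_user[user][host] += 1
        # The path is only visible for plain HTTP (or with TLS inspection).
        if method != "CONNECT" and urlsplit(target).path.startswith(path_marker):
            findings.add((user, host, "path"))
    for user, hosts in per_user.items():
        host, count = hosts.most_common(1)[0]
        # A browser pointed at the tunnel sends nearly all traffic to one host.
        if count >= min_requests and count / sum(hosts.values()) >= min_share:
            findings.add((user, host, "single-destination"))
    return sorted(findings)
```

The path check is trivially defeated by renaming the servlet context, so the single-destination ratio is the more durable signal; tune both thresholds against your own baseline traffic.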